CrowdSec Absolute Beginners Workshop

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

foreign [Music] welcome to another video in this video today we're going to be going through the crowd set for absolute Loop beginners Workshop version free in this version this version is now hosted on a platform called killer coder so if you don't know what color coder is color coder is a a easy replicatable environment website and it can have a guide running alongside it where you can click on commands and they will execute in the terminal to the right hand side we chose this platform just for the general ease of it um and how how good it is in interacting with yourselves as an audience just because you can also sit through a video like this uh go through the commands with me or if you want to you can just steamboil ahead go into the link in the description and you can just run through your own pace um if that's what you want to do so as I said in this video we're going to walk through it together um we're gonna go through what crowd attack is how to install it as an agent how to work with the cscli tool um and how they both fit together through uh through the terminal if you like what you see in this video I encourage you to give it a thumbs up because it helps us in the long run whilst you're down there hit the Subscribe button uh as stated previously there are all the links that you need for this video are in the description so head down there we'll make sure that we put the chapters in there also so if there's a specific uh roadblock or an issue that you're having well whilst you're going through a loan or with me then you can revisit those in the chapters down below I'm glad you made it this far in the video but this is going to be the start of the workshop so make sure that if you want to run alongside me that you head down in the description now click on the first link it will take you to exactly this page you may need to sign up for an account so in doing so you'll get access to the scenario file um you can sign up with GitHub or Google off it's just a way for you to authenticate and to make sure that you're not a robot and you're not spinning up things you shouldn't so it as stated in this Workshop we're going to run through what Corral SEC is uh the agent as well as the csclr let's preface this and how you can interact with killer coder so on the left hand side there is the instructions so this is just like a text file you'll just read through and then the right hand side there is a terminal so this terminal has two machines or this scenario has two machines one that's called control plane and the one that's called nodo one the differences that you need to know had this current moment is the control plane is the machine that we're going to be installing cross deck on and node o1 is going to be our attacking machine so we can make sure that once we've installed kraussec we can verify that the engine is working correctly so I'm just going to start on the left hand side so as stated in this Workshop you'll learn how to set up craft set up some bounces so in this example we're going to be setting up the firewall Bouncer and also the nginx bouncer we're also going to be taking a look at the cscli tool so this tool allows you to interact with crowsec and do admin tasks that you need to do from the terminal we're just going to focus on the essential aspects of this to make sure that you understand how the IDS component and the IPS component work together following on from that section we have the what we call the kraussec tax summoning taxonomy uh basically in short just words that we use that don't really make much context outside of Within crowdstec I'm not going to run through each one of these take pause the video and read through this uh taxonomy so you just make sure that you understand that when we talk about a bouncer you know exactly what a bouncer is in the context of crowdstick once you've unpaused and gone through there then you'll hit the start button at the very bottom just to get rocking and rolling on on this adventure with us so in step one we're going to be going over a basic installation of crowdstick so for most people out there this will be the way that you would install kraussec through our package repositories however if you have a more advanced settle such as kubernetes Docker or any other way that you would like to run kraussec head over to the documentation page which is docs.crowdstec.net and you can read all about those different setups over here but just for this Workshop we're going to be just focusing on the repository installation so at the very top is the command that will curl out to our package Cloud repository grab the script for Debian because the control plane is running Ubuntu and it will just pipe it to bash we wouldn't normally recommend that you pipe it straight to bash please download this file vet the file contents for yourself and make sure that you're happy with it however for this Workshop I'm just going to inform you to click this button and it will exec it into the terminal on the right hand side so as you can see there's no need for you to type out commands you just click on the left and then it will then exec it on Terminal on the right hand side this is just for General ease great now the repository is set up and ready to go because we're running Ubuntu we can just do apt install because we've already installed the repository so we can install it from our package manager that's on the system great now craftsec is installed and ready to go however I would just like to take your focus just into the terminal just to see exactly what has happened to the system when you install Kraft sec so when crownstack is installed it has a post installation routine that it runs which we normally dub as service discovery mode so in service discovery mode it will try to detect what services you are running EG web server email server that kind of stuff and it will try to detect the log files and then automatically set up the acquisition and the collections so you can see here that inside the terminal you've just two there's three info commands here in a different shade of blue and you can see that it's installed the lens collection because I'm running Ubuntu it's installed the nginx collection because I'm running nginx on this control plane for The nginx Bouncer and then we're also running the SSH terminal so it's managed to pick up that we are running the SSA server these are the key things that I just wanted to point out so if you are running a service such as Apache or anything like that and you don't see it in this list it's just because it's tried to detect what the log file is but your configuration may have deferred from the defaults so you will have to go in and set this up manually however we're not going to be covering manual acquisition in this Workshop this is just uh given the basic overview of what crowds I get so following on from installing kraussec we're going to be now installing the two bouncers that we need for this Workshop which is the firewall bouncers IP tables and the craft set nginx bouncer so for this you're just going to click on this command and then it will automatically run it for you great that's the two bouncers installed now so we can now move over to the next section in this section we're just going to be covering over a new feature that was added in version 142. so by default kraussec uses a sqlite database that's installed into the data data directory that's if you want to run it in SQL SQL Lite you can use MySQL postgres but in this Workshop we're just going to keep it to the defaults so in version 142 and above we implemented a sqlite feature called wow which stands for right ahead logic so because we don't know everybody's environments by default this configuration is not provided so as you can see in the right hand side here you can see that there was you were using SQL like without well um warnings popping up that's because we need you to set it firstly uh to either true or false to get rid of those warnings so in this Workshop we're just going to set it to true the only reason that you would not set it to true to false would be if you're running your sqlite database in a network attach your storage and that's um if that is the case you would change it to false because there's a some issues with writing over a network so you're just going to click the command and then it will automatically write the config and restart the service great now we've got Kraft egg installed with two bouncers as well as we've done the optimization for kraussec itself to use the well uh support for SQL light in this section we're going to be running over some cscli commands that you can run and just so you can get generally used to the cscli syntax because out of the box it does if you don't use it on a daily basis or don't use it at all then obviously you don't know what commands or what options you can provide it so in this section we're going to go over how to give your shell the completion support so when you do cscl light and you hit tab it will offer you the available commands that you can run so we're going to click this first command what that will do it will spit out the cscli completion in front of you but it will also write a file to the batch completion directory under the cscli from there because we've now added a new option to bash to have this completion support we need to reload our environment the easiest way to do so is to run this Source command and the batch RC which will reload our environment once that's done I'm just going to hit Ctrl and L in the terminal just to make sure that we have a clean clean uh screen to work with so now if you type cscli with a space and then hit tab twice on your keyboard you'll now see that you're offered multiple options here however these options at the moment don't wouldn't make much sense so we're just I'm just going to go over some of these options in the next section so what I recommend to do in the first place is just to run cscli with no options whatsoever hit in enter you'll be gen you'll be offered the help um it helps syntax which will show you all the available commands that you can run after cscli for example let's focus on collections because that is the one that most people work with when you want to install a collection so in this command you will run cxcli Collections and then there'll be a sub command afterwards they see scli tool is meant to be self-expressive so if you want to work with passers then you will go to the passes section so see SEO live passes if you want to work with collections you'll go to the collections section and that's how you would do the administrative tasks for those sub commands if however at any point you don't know what commands or what arguments you can pass to a command if you want to see SEO life and then passes if you follow it with Tac H which is the help command it will offer you the help command also also note as well is that if you have a command such as a sub command so a Command 2 passes is list to list out your passes that you have here if you also follow that with Tac H it will give you the options that you can pass to the list sub command so for example you can pass the TAC a flag to pass this list which will list all the collections um available to your system great now some Basics about the CSL CLI tool there is some examples that you can follow here which is basically working with collections however since you know the fundamentals that you can pass the help command uh how the you go for a main command to a sub command um you should be able to go through and see what each option does however if you just want to read the documentation without actually typing the commands into the terminal you can head over to docs.crowsec.net click on the csli at the very top and then there's a whole bunch of documentation about the commands and what each command does if you don't want to run it on an interactive terminal so for this I will just let you run through these collection examples so please pause the video here once you're happy with working with the CSE lighter just resume the video and we'll move on to the next section hey so if you pause the video Welcome back if you didn't then we're going to be handing over to the handling decisions so this is the most important thing I believe for the cfcli tool to handle so when you're with krauser you may find at some points there has been a decision made against an IP address that was either a false positive or you need to remove the decision because it's interact it's interfering in some like a customer or a user in that way so what we're going to do firstly is we're going to add a decision because this environment is off the network so there is nobody currently attacking this this box firstly this First Command C SEO like decisions add will add a decision with the IP address of one two three four so let's just add that currently you can see you can confirm that this command has run correctly if you see the decisions successfully added if you don't see that then there may be other issues that you have on your system we can confirm that decision is currently active if we run cslide decisions list then you'll see that you'll have this output here so this output on my terminal because I've zoomed in so you can make sure that you can see it under YouTube uh it's kind of a little bit like disjointed so I'm just going to do output Raw just so we can see the actual commands so you can see here that uh it's got an ID of 14976 um and it was a manual band from my machine ID don't take any notice to this machine ID this is just a a jumbled up one just for the workshop and that we did a ban and there is three hours and 59 minutes left on this van just because by default we do a four hour ban if you need to remove this decision there is two ways you can do this you can either do it through providing the ID so the ID in this context is one four nine seven six or you can provide the IP address one two three four normally I would suggest that you run the delete command with the IP if you know the IP just because when you've been running with cross-sec for a while you may find that running the decisions list commands brings you back a lot of entries um and you don't know which ID in particular it is um so running just to delete with the IP is best so I'm just going to click on the csclr decisions delete command you can now see that we've managed to delete one decision and if I clear the screen and then we re-run the csclr decisions list command you'll now see that I have no decisions so if I rerun it again without the raw tag you'll now see that I get the output of no active decisions So currently there is no heading over to the next section we're going to be talking about how craft set can be ran in two modes so there's the active mode which is where it passes logs live and then makes remediations in live mode however crash that can also be run in what we call code log mode or forensics mode so what this will do is it will spin up crosstag as a process run the logs through the same channels that we have normally and it will spit out the decisions that it would have made if it was going over the file live in the process this can be useful if you have if you want to trial Corral SEC and you want to just run it over some logs that you have just to see what crosstalk would have done for those logs at the time or if you're a threat hunter or a ocean tour what you've got some logs that I've passed on from a client and you need to know what IP addresses are of interest to yourself you can runsec in this way so if we take a look at the syntax so we run the kraussec binary we don't run cscli in this mode so you run crowsec with a DSM flag so this DSM flag I'm not going to go too into details and just note that it works the same as like a URL whatever you pass at the front so in this case File means that we're going to be using the file acquisition module and then we're going to do colon slash and then anything after those lashes is the path to the file so in this example I've already pre-generated a log file which is an nginx lock file called pone.log and it sits in the root directory of this account because it's nginx we're going to pass it an argument to other type which is nginx and you also note that we also pass another flag called No API the reason that we're passing this in is because kraussec is currently running as a service on this box so we need to make sure that it doesn't try to spin up a new API endpoint because we're just getting error saying that the port is already in use so clicking on this command you'll see a lot of output a lot of output because prowsec by default is very verbose so it tries to inform you about everything that it can get however the thing key things to note in this output is when you see the word IP and the IP addresses that it comes afterwards so we can see here that this IP address has been noted for HTTP generic 401 Brute Force as well as the IP address below 173 address has also been noted for the 401 Brute Force it's key to note that the timestamps for these attacks are quite old so if you see this this one was on the 27th of December last year and this one was also on the 5th of January this year heading on to the next section in this section we're going to be talking about how we can optimize the nginx bouncer so by default and the nginx bouncer you operates in what we call live mode so in short live modes when a request comes into the server live mode will send a request from the nginx process to the crowdstec local API The Lappy and it will test to see if that IP address currently has a decision against it if it does then it remediates it however if you're running like an e-commerce business or a business that has a quite a lot of traffic live mode is not very performant to handle these cases if you're running like a small blog or anything where you can handle these types of traffic then it's perfectly fine to run in live mode however in this example we're going to be changing it over to stream just so we can cover it as a topic in this Workshop so we're gonna hit this um command which is basically going to open Nano and go straight to the nginxbouncer.com clicking on that nginxbouncer.conf command will open up the configuration file in front of your eyes what we need to do is head down to the section that says mode and what you need to do is change the live command to stream in short what this does instead of the nginx process send a request to The Lappy every time he gets a request to check if the IP address has a current decision or not what stream mode does is that it asks Lappy on CE when nginx starts up as a process for all the current IP addresses and it holds it in what we what nginx calls like a a hash map this is performant in two ways because when the nginx process needs to check if the IP has a decision against it it already has it locally however there's one caveat to that you may see above it there's a there's a option called update frequency which is set to 10. so what this will inform the process to do is every 10 seconds it will send a request to The Lappy to say have you got any new or deleted decisions for me to handle if it does then it acts on those decisions either adds or removes them the one caveat I need to point out here is let's say an attacker is attacking your HTTP service a decision is made against it however it can take up to 10 seconds before they are fully remediated so we're just going to save this file by hitting Ctrl X press Y and then press enter to save once that's all saved we then need to go and reload the nginx by clicking on this next command just below the blue boxes in short what this does is a nginx-t test the configuration files to make sure they are valid if they are valid because of the and Clause it will then reload nginx so clicking on this we can see that the syntax is okay and so it has Reloaded next we're going to move moving on to configuring Crown sector handle HTTP bands differently from just normal like SSH brute force or anything like that the reason that I want to do this is because I run an e-commerce business and I want the ability for users to self-re-mediate if they are banned because I don't want to be losing business as an e-commerce business because I want to make sure that I get that sale so in short what we are going to be doing in this next command is we're going to be inserting a profile above the default IP remediation which will say if this scenario has the word HTTP in it then provide them a captcha instead of just blocking them access to the port so I'm just going to click on this now once that has run I am then gonna bless the Etsy Krause profiles.yaml so you can see here this is now the new profiles.yaml that I have so at the top we have a capture remediation so it will detect if the scenario contains the word http then it will do this decision instead which is give them a capture instead of blocking them the reason that this is best case scenario for a business that's e-commerce or has some sort of way or want some sort of way sorry for the users to self-remediate is when they go to your website by default if you're running the iptables bouncer when they hit enter they won't see that they are banned or the reason why they're not getting to your website so in short that is a bad user experience um from e-commerce perspective that may be something that you want to do if you want to make sure that they are banned then obviously don't do this but if you want to give them a web page that says sorry we can't serve you at the moment because of your IP address has been marked as as like blocked blocked great now we can head on to the next section so as you can see uh on the left hand side there has just been a command that's just been run uh don't pay too much attention to that what it's basically doing is it's um removing the default whitelist that comes with kraussec the craft set comes with a default white list for private IP ranges and because this is in a workshops control setting we only have access to whitelists so this section is going to be about testing a chrome configuration to make sure that we can remediate an attacker at that point whoa what well now we're going to get our hacking mode on so in this section I'm going to be going overview how you can test your instances of crownstick um this I thought I'll get suited and booted so to speak in front and for the role so in this section uh just a disclaimer anything that you learn in this section is solely meant to be used in the context of this Workshop so do not go around attacking other people's machines that you don't have permission to do so this is clearly something that you should not do if you want to test your own boxes then you can use what you've learned here but you need to have explicit permission to test those ones so before we start what we're going to do is we're going to tail the crown set log within this shell so make sure that the shelter is root at control plane and you're just going to hit the first option which is tail what this will start doing is this will start tailing the log file for you then we're going to open up a new shell so we can connect to our attacking box so up here under next to tab one that you can see there's a little plus button it's really hard to see but if you hit this this will then create another shell for you to log into so hop over to tab 2. so there's a weird thing that when you hit the plus button it doesn't automatically send you directly into the shell you have to then click the tab again to go into it so what we're going to do is log into our first node so this is the first node so SSH node 01. this is the attacking node clicking on this you will log straight in and you'll notice that there's no password to log in you just go straight in but now your terminal has changed to no zero one and a dollar sign great that means we're on the attacking box next what we're going to do is we're just going to run apt and install nicto and Hydra Nitto is a web app uh scanner so what that will do is just do HTTP requests to the web server to test for common vulnerabilities that are known to the nicto um security system Hydra on the other hand is a multi-purpose tool that can emulate brute forcing on multiple different services in this context we're going to be using it for SSH so if you click on this what you'll notice is that it will try to install them but because we have a I have a script that runs at the start of this scenario that automatically installs these dependencies for you but I would like to just click on it just in case if there was any error in the script that you just make sure that they are definitely installed so the first thing that we're going to emulate is we're going to emulate a is an SSH Brute Force so we're going to click on this command here make sure that you're running this command on node 01 because that's the box that we're going to simulate the attack from clicking on this what you'll see is that it will start doing the attack however you'll see that it was trying to do 26 login tries but it kind of failed really quickly if we click on that again what you'll notice is it will look like it's running however we're not getting any feedback um against the box so if we head back over to the first tab you can see that kraussec has managed to detect that this attack is running and it managed to detect the attack within 500 milliseconds that's pretty cool so we can see here that ip10 224 2722 performed these two attacks um so unders within 600 milliseconds it managed to read the log files and also put the lock in place so not so this IP address can no longer connect you can further ensure that this has been detected if you run cscl light decisions list you'll see that the decision has been acted upon and it is also in the decision list and that we have and this and my attacking box currently has a band timer for another 3 hours and 58 minutes however because I want to try the nicto web scanner now I need to remove decisions and make sure that I retail the preset log so we can also see when that is detected so what I will advise you to do is hit control and L on your keyboard so it does clears the terminal then click on this next command which will delete all decisions with SSH and delete all decisions with slow Brute Force SSH and then retail the log don't be worried about how many decisions it deletes above that's just because I'm deleting by scenario name and I have this scenario installed so I receive the community block list with those other scenarios within um but because this is purely a workshop Workshop environment there's no risk that deleting these decisions will lead to a an attack so we're just gonna head back over to node 01 and I'm going to rerun the same control and L command just to clear the screen now I'm gonna do some trickery uh technical trickery um within the SSH terminal so to be able to see the the capture or the band page for nginx obviously I'm gonna have to be sending a kill request as node 01 however I don't have direct access to run a web browser within nodo one so what this SSH command does is it opens a port 8080 on the machine the nodo one machine and whenever a request comes into that 8080 Port it would then be tunneled slash forwarded across to the control plane Port 80 which is where nginx is running so this is just a simple way for you to connect to neuro one through a proxy port and then it will then forward that request over to the control plane so you can see the capture so all you've got to do is click on this and while it will look like is it will look like you've just basically logged back into the box which technically you have done but now there's one difference if you run SS lntp you'll now see that there's an SSH which is listening on 8080 so that's the port that when you hit it it will be forwarded across to the control plane but 80. next we're going to be running the nickto command so hitting nicto if you've never run nickto before what it basically does is it just checks for common vulnerabilities and it basically comes up with what it can find so because we um configured our nginx engines to stream mode it can take up to 10 seconds before I can see a capture page so what I'm going to do in the meantime is just run the nicto command one more time just so I can give it enough time to propagate the command so when I click on the link down below it will show me the result so from here we can now click on this Blue Link button so if you can see where my mouse is you can see that and we're going to click on this and now you can see that we've got the nginx access forbidden page so we so the request has now been forwarded over to the control plane but control plane sees your IP address as the attacker pretty cool right so this is what I wanted to show within this section of hacker mode so hacker mode this is why I wanted to show because now we've tested it we've ensured that our crafts Act is working correctly and it does manage to take decisions correctly whoa who was that guy the next thing we're gonna do is be talking about how to ins uh how to view your data that's outside of your instance because obviously if you want to keep your data um I don't know if you want to view your data obviously you've got an SSH into your box view it that way however we provide a SAS model for our console so we do offer a community plan um so you can join the craft set console just to view your um instances for your alerts however there'll be some Wicked premium features coming shortly that I'm sure you will want to hear about so what we're going to do is we're going to sign up to the crowds at console however but I've already done this because obviously I work for crowdstec I've already got an account so you would just hit this classic console button you'll be offered to go to the signer just sign up as you would do normally um and then I'll join you on that page here great now we're both in the console together um for me I do have a personal account as well as having a organization account called dummy who stood for like dummy account so we're just going to be running through these steps here so we don't need to install the agent and we don't need to install the bouncer we've already done those the next thing that we need to do is enroll the crosstek instance FYI this uh key at the bottom is a this is going to be removed so do not use this key you will use your own enrollment key make sure that you um keep it secure because it's Unique per account and you shouldn't be leaking it to others so what I'm going to do is I'm just going to copy this command head back over to the console and I'm just going to paste this command in so what we're going to do is we're going to paste this command into the terminal as you can see it says instances already enrolled because I've already done this so what you need to do is Rerun the command but with the overwrite flag once that's done it's all good and proper to go now what we're going to do is we're going to do system CTL restart kraussec the reason that we need to do that is we need to make sure that that the instance re-logs in and manages to send up the metadata that it needs to once we head over to here you'll see that the instance is already showing and accepted once we log in and click on the instance so in the instances tab you'll see now that we've got 22 alerts against the instance it's in that well now log you into the instance so now you can see all of the alerts so I'm just going to briefly walk through this console because there is multiple things um that you can do within this console so I'm just going to scroll down and you can see here that the IP address that we had for our instance um even though it was an internal IP address the alerts still propagate up to the console however obviously because they're private IPS we don't distribute them to the community block list so what I'm going to do now is I'm hopping over to my personal instance um just because I want to show you some real life data in the console because obviously the data that we had from our instance is obviously just fake data there's no real actionable Intel on there so my instance currently um as hosted on my cloud provider currently has about 3.18k alerts the reason for the alerts being so high is I run a tar pit service alongside my normal services so if I detect anything in my tar pit it automatically propagates that decision through to the rest of my services to make sure that everything is protected clicking on my instance you'll see that I have one persistent IP address from China um we have another one from China and the other ones is from the USA so because I run this tar pit Service as you can see endless SSH is my target service I have a lot of alerts that are just on top hitting um just because it's run in a separate container so it doesn't actually get blocked by my bouncer so they can try it as much as they like um which is quite useful for my other services because once I have a decision from my topic it propagates and protects the rest of the surfaces while they're just wasting their time on the topic scrolling down you can see here that we have the decisions so we have the endless SSH Brute Force as stated before so as you can see there's one from USA has tried multiple times in a row within the same minute um to get into the service if I click on the IP address it will now give me extra information about the IP address so scrolling down um you can see that there's dangerous Services Exposed on the on the IP it's also already in the community block list so this is a known bad IP address so if my bounces were set up crew well set up correctly if I didn't configure my bouncers to not block the tar pit service then this IP would have never made it to my services in the first place scrolling down a little bit further you can see that this IP address is purely being used for SSH brute force uh nothing else um you can see that they started to attack mid-jan with January and then they kind of went a little bit dormant and then all of a sudden from that point onwards they've been running most likely this IP address is actually somebody's IP they might have maybe got packed at this point they tried out like attacking um then they went dormant and waited for the next victim and then now they've just been constantly hammering at the door for the next so many days following on to the next section you can see that the top targeted countries for this IP to attack is the us then Germany then France and then all the way down to the bottom you can see that GB is kind of Fifth Fifth Sixth sixth in the list so if if my signals are only accounting oh well if everyone's signals from the Great Britain is only accounting for four percent of the total signals that we're receiving about this IP this IP is very very aggressive um great so I'm going to head back to my instance back to my instances back to my alerts so I can see everything so this was just a quick overview of how the console operates I'm just gonna leave a card that uh up in the top right uh just uh going it just has a little bit more information about new features about the console um just because I can't cover everything in The Beginner's Workshop great and that's it we have just gone through The Beginner's Workshop version three as you can see it's very very basic we just go through how to install how to um test your configuration how to work with the csclital and how you can enroll that instance into your console so you can make sure that you're getting alerts outside of the system so they're easier to view so let's say if you're out and about you can just view them on your phone if you do have any issues or experience any any hiccups during this Workshop in the link Down Below in the description I will leave a GitHub link to the actual scenario files that I use to generate this on killer coder so if you do have any issues open an issue against that and I'll try my best to respond to those issues depending on if they're just self-inflicted or if they're actually a problem with the workshop that we've created however that is me for this video I really hope you enjoyed um how easy this Workshop is compared to our previous workshops um how quick and easy you can just keep coming back and keep going through these commands if you need a little bit more time to develop on how to use the CSC live tool or how to use kraussec in forensics mode um but if you do like it please make sure that you hit the like button it helps us out massively especially to know how good our content is and if we need to revisit some topics whilst you're down there hitting the like button make sure you click the Subscribe button the content over this year we've got loads planned as well as we've got Live Events live events are going to be announced in the Discord channel so please make sure you join the Discord however that is me I'm signing off

Info

Channel: CrowdSec

Views: 9,231

Rating: undefined out of 5

Keywords:

Id: yxbimVtd2nw

Channel Id: undefined

Length: 46min 57sec (2817 seconds)

Published: Mon Mar 06 2023